openapi: Add display attributes for approle (#19363)

hashicorp · Apr 6, 2023 · 5334e12 · 5334e12
1 parent d70c17f
commit 5334e12
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 0 deletions.
diff --git a/builtin/credential/approle/backend.go b/builtin/credential/approle/backend.go
@@ -15,6 +15,7 @@ import (
 )
 
 const (
+	operationPrefixAppRole      = "app-role"
 	secretIDPrefix              = "secret_id/"
 	secretIDLocalPrefix         = "secret_id_local/"
 	secretIDAccessorPrefix      = "accessor/"

diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go
@@ -19,6 +19,10 @@ import (
 func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "login$",
+		DisplayAttrs: &framework.DisplayAttributes{
+			OperationPrefix: operationPrefixAppRole,
+			OperationVerb:   "log-in",
+		},
 		Fields: map[string]*framework.FieldSchema{
 			"role_id": {
 				Type:        framework.TypeString,

diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
@@ -124,6 +124,10 @@ func rolePaths(b *backend) []*framework.Path {
 
 	p := &framework.Path{
 		Pattern: "role/" + framework.GenericNameRegex("role_name"),
+		DisplayAttrs: &framework.DisplayAttributes{
+			OperationPrefix: operationPrefixAppRole,
+			OperationSuffix: "role",
+		},
 		Fields: map[string]*framework.FieldSchema{
 			"role_name": {
 				Type:        framework.TypeString,
@@ -300,6 +304,10 @@ can only be set during role creation and once set, it can't be reset later.`,
 		p,
 		{
 			Pattern: "role/?",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "roles",
+			},
 			Operations: map[logical.Operation]framework.OperationHandler{
 				logical.ListOperation: &framework.PathOperation{
 					Callback: b.pathRoleList,
@@ -321,6 +329,10 @@ can only be set during role creation and once set, it can't be reset later.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/local-secret-ids$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "local-secret-ids",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -349,6 +361,10 @@ can only be set during role creation and once set, it can't be reset later.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/policies$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "policies",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -400,6 +416,10 @@ can only be set during role creation and once set, it can't be reset later.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/bound-cidr-list$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "bound-cidr-list",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -442,6 +462,10 @@ of CIDR blocks. If set, specifies the blocks of IP addresses which can perform t
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-bound-cidrs$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id-bound-cidrs",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -483,6 +507,10 @@ IP addresses which can perform the login operation.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-bound-cidrs$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "token-bound-cidrs",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -523,6 +551,10 @@ IP addresses which can perform the login operation.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/bind-secret-id$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "bind-secret-id",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -564,6 +596,10 @@ IP addresses which can perform the login operation.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-num-uses$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id-num-uses",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -604,6 +640,10 @@ IP addresses which can perform the login operation.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-ttl$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id-ttl",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -645,6 +685,10 @@ to 0, meaning no expiration.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/period$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "period",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -696,6 +740,10 @@ to 0, meaning no expiration.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-num-uses$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "token-num-uses",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -736,6 +784,10 @@ to 0, meaning no expiration.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-ttl$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "token-ttl",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -776,6 +828,10 @@ to 0, meaning no expiration.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/token-max-ttl$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "token-max-ttl",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -816,6 +872,10 @@ to 0, meaning no expiration.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/role-id$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "role-id",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -852,6 +912,10 @@ to 0, meaning no expiration.`,
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/?$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -917,6 +981,9 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's
 				},
 				logical.ListOperation: &framework.PathOperation{
 					Callback: b.pathRoleSecretIDList,
+					DisplayAttrs: &framework.DisplayAttributes{
+						OperationSuffix: "secret-ids",
+					},
 					Responses: map[int][]framework.Response{
 						http.StatusOK: {{
 							Description: "OK",
@@ -935,6 +1002,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/lookup/?$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id",
+				OperationVerb:   "look-up",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -1003,6 +1075,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id/destroy/?$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id",
+				OperationVerb:   "destroy",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -1021,13 +1098,21 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's
 				logical.DeleteOperation: &framework.PathOperation{
 					Callback:  b.pathRoleSecretIDDestroyUpdateDelete,
 					Responses: responseNoContent,
+					DisplayAttrs: &framework.DisplayAttributes{
+						OperationSuffix: "secret-id2",
+					},
 				},
 			},
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-destroy"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-destroy"][1]),
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-accessor/lookup/?$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id-by-accessor",
+				OperationVerb:   "look-up",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -1096,6 +1181,11 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/secret-id-accessor/destroy/?$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "secret-id-by-accessor",
+				OperationVerb:   "destroy",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,
@@ -1114,13 +1204,20 @@ Overrides secret_id_ttl role option when supplied. May not be longer than role's
 				logical.DeleteOperation: &framework.PathOperation{
 					Callback:  b.pathRoleSecretIDAccessorDestroyUpdateDelete,
 					Responses: responseNoContent,
+					DisplayAttrs: &framework.DisplayAttributes{
+						OperationSuffix: "secret-id-by-accessor2",
+					},
 				},
 			},
 			HelpSynopsis:    strings.TrimSpace(roleHelp["role-secret-id-accessor"][0]),
 			HelpDescription: strings.TrimSpace(roleHelp["role-secret-id-accessor"][1]),
 		},
 		{
 			Pattern: "role/" + framework.GenericNameRegex("role_name") + "/custom-secret-id$",
+			DisplayAttrs: &framework.DisplayAttributes{
+				OperationPrefix: operationPrefixAppRole,
+				OperationSuffix: "custom-secret-id",
+			},
 			Fields: map[string]*framework.FieldSchema{
 				"role_name": {
 					Type:        framework.TypeString,

diff --git a/builtin/credential/approle/path_tidy_user_id.go b/builtin/credential/approle/path_tidy_user_id.go
@@ -20,6 +20,12 @@ func pathTidySecretID(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "tidy/secret-id$",
 
+		DisplayAttrs: &framework.DisplayAttributes{
+			OperationPrefix: operationPrefixAppRole,
+			OperationSuffix: "secret-id",
+			OperationVerb:   "tidy",
+		},
+
 		Operations: map[logical.Operation]framework.OperationHandler{
 			logical.UpdateOperation: &framework.PathOperation{
 				Callback: b.pathTidySecretIDUpdate,